laurentsimon
the statistics API may be useful to assess the activity of a repo https://docs.github.com/en/rest/reference/repos#statistics
increasing the time period may also be useful - related to https://github.com/ossf/scorecard/issues/1025
this API may also be useful https://docs.github.com/en/rest/reference/activity
another idea is to use the list of transitive deps, see if some have been updated and if the project has accepted dependabot PRs. That's pretty involved, though
Shall we create an issue on their runner repo?
This won't be part of the first code changes, unfortunately. We will need to integrate the new results into SARIF. This will be a breaking change so it will take...
deps.dev API https://github.com/google/deps.dev/blob/main/api/v3alpha/api.proto
Thanks for the report. I think the original goal of the Packaging check was to verify whether users have an open-source release pipeline, to help consumers know that the build corresponds...
Thanks for the report. You run clang tidy as a command or use an action that wraps it? I suppose the former, but would like to confirm. Do you...
once we have https://github.com/ossf/scorecard/pull/1487 landed, I'll add support for this issue.